The invention relates in general to the field of methods for securely booting computers, and in particular to methods for booting a computer from a user trusted device, such as a light, protected memory device.
Today, more and more computer users encrypt their hard disks (or more generally their long-term data storage device) to ensure that, in case of loss of the hard disk, the “finder” does not gain access to the user's data. Full disk encryption works fine to prevent such a finder to access the data. However, the usual disk encryption solutions do not prevent somebody who has access to the computer to spy out the legitimate user's password.
Systems that use encrypted disks need to be able to boot the computer from the hard disk, which can be accomplished by using an operating system (“OS”) loader that is unencrypted, where the OS loader typically includes a boot loader. The BIOS (or the initializing firmware) would otherwise not be able to decrypt it and hence start it. This boot loader then prompts the user for a passphrase that is used to unlock the encryption key. With this key, the encrypted contents of the hard disk can be decrypted and the operating system can subsequently be started.
A problem that arises is that an attacker can manipulate the OS loader (stored in clear text) for it to store a copy of the passphrase (e.g., somewhere on the computer in clear text or send it to a server via the computer's network interface if available) the next time the user starts her/his computer. Once the computer has been started with the compromised OS loader, the attacker can read out the passphrase from his location and gain access to the computer.